VPN BETWEEN ZYXEL ATP200 AND FRITZBOX! 7590

Leandro85 · March 2022

Good morning at all,

I'm trying to create an IPSec VPN Tunnel between an ATP200 and Fritzbox 7590 without success.

Does anyone did this VPN configurantion and can help me?

On the Fritzbox the error is:

Errore IKE 0x203D --> "phase 1 sa removed during negotiation"

The ATP Debug log is atached as "TESTVPN_LOG.txt"

Thank you so much!

zyman2008 · March 2022

Leandro85,
From the logs, it look like FRITZ!Box 7590 configured as an IPSec VPN client not Site-to-Site VPN.
It send request with Aggressive mode/PSK/mode-config.

So you can try to change the VPN connection rule on your ATP200 to enable mode-config settings,

Leandro85 · March 2022

Thank you for your reply

I've tryied with your suggestion but without success.

The firewall log is atached

Those are the ATP's configurations

This is the Fritzbox VPN Configuration:

Thanks a lot!!!

Best regards

Leandro

mMontana · March 2022

If you can consider professional support...

Zyxel_Stanley · April 2022

Hi @Leandro85
You can have a try to change VPN connection setting.(Phase 2)
> Configure as remote Access(Server Role)
> Configure local policy as "192.168.0.0/24".

Image: https://us.v-cdn.net/6029482/uploads/editor/4y/tyh1ckxbl5f6.png

zyman2008 · April 2022

Hi @Leandro85,
From the logs said, the VPN Phase 1 process is success but Phase 2 fail cause by proposal is mismatch.

Image: https://us.v-cdn.net/6029482/uploads/editor/yi/rlrbclmo7129.jpg

Then I search google to check what algorithms Fritzbox can support.
The help say "Perfect Forward Security(PFS) is not support".

Image: https://us.v-cdn.net/6029482/uploads/editor/9x/bbpyzwlptzhe.jpg

You can remove the Perfect Forward Security (PFS) setting in VPN Connection rule on ATP and try again.

Kepir · July 2022

Hi to all,
I have exact the same problems . I have a USG310 ServerSide and a Fritzbox as VPN-Client . Everything is configerued like in the Posts before.
The Fritzbox Log is :
VPN-Fehler: ATA154, IKE-Error 0x2026